fix apache2 davlockdb path in chowns
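#!/bin/bash
#
# Usage: destroy-user USERNAME
#
# Tears down one member account: service keytabs, the domtool
# registration, the AFS mount points (volumes are renamed, not removed),
# the Kerberos principals, the PTS entries and the mailing-list
# memberships.
#
# MUST be executed:
# - on the kerberos domain controller
# - as a user with an /etc/sudoers line
# - as a user with domtool-admin rights
# - while holding system:administrator tokens

# Fail on any reference to an unset variable, so a typo can never collapse
# a path such as /etc/keytabs/cgi/<name> into the directory itself.
# Deliberately no `set -e`: the teardown is best effort, and later steps
# must still run when an earlier resource is already gone.
set -u

# Stored in target_user rather than USER: USER is the invoking admin's
# login name in the environment, and overwriting it would hand the account
# being destroyed to every child process as "the current user".
target_user=${1:-}
if [[ -z "$target_user" ]]; then
  echo Usage: destroy-user USERNAME >&2
  exit 1
fi

# The name is pasted into root-owned paths, AFS paths and kadmin queries
# below. Accept only a conservative character set, so a value containing
# "/", whitespace, quotes, glob characters or a leading "-" or "." cannot
# redirect those privileged commands to something other than the account.
# NOTE(review): align this pattern with the account-creation naming policy.
if [[ ! "$target_user" =~ ^[A-Za-z0-9][A-Za-z0-9_-]*$ ]]; then
  printf 'destroy-user: refusing invalid username: %q\n' "$target_user" >&2
  exit 1
fi
readonly target_user

# Directory fan-out used under /afs: first character / first two / name.
readonly PATHBITS="${target_user:0:1}/${target_user:0:2}/${target_user}"
readonly HOMEPATH="/afs/hcoop.net/user/${PATHBITS}"
readonly MAILPATH="/afs/hcoop.net/common/email/${PATHBITS}"
# We don't use separate partitions for logs
#LOGSPATH=/afs/.hcoop.net/common/.logs/$target_user

# Service keytabs. `--` stops option parsing before the path.
sudo rm -f -- "/etc/keytabs/mailfilter/${target_user}"
sudo rm -f -- "/etc/keytabs/cgi/${target_user}"
sudo rm -f -- "/etc/keytabs/user.daemon/${target_user}"

# LDAP
# sudo ldapdelete -v -x -D cn=admin,dc=hcoop,dc=net -y /etc/ldap.secret \
#   uid=$target_user,ou=People,dc=hcoop,dc=net
# sudo ldapdelete -v -x -D cn=admin,dc=hcoop,dc=net -y /etc/ldap.secret \
#   uid=$target_user.cgi,ou=People,dc=hcoop,dc=net
# sudo ldapdelete -v -x -D cn=admin,dc=hcoop,dc=net -y /etc/ldap.secret \
#   uid=$target_user.mailfilter,ou=People,dc=hcoop,dc=net
# sudo ldapdelete -v -x -D cn=admin,dc=hcoop,dc=net -y /etc/ldap.secret \
#   cn=$target_user,ou=Group,dc=hcoop,dc=net
# sudo ldapdelete -v -x -D cn=admin,dc=hcoop,dc=net -y /etc/ldap.secret \
#   cn=$target_user.cgi,ou=Group,dc=hcoop,dc=net
# sudo ldapdelete -v -x -D cn=admin,dc=hcoop,dc=net -y /etc/ldap.secret \
#   cn=$target_user.mailfilter,ou=Group,dc=hcoop,dc=net
# sudo ldapdelete -v -x -D cn=admin,dc=hcoop,dc=net -y /etc/ldap.secret \
#   cn=$target_user.daemon,ou=Group,dc=hcoop,dc=net

# Remove from domtool
domtool-rmuser "$target_user"

# Invalidate nscd cache
sudo nscd -i passwd
sudo nscd -i group

# Remove from databases
# (If re-enabled: the name is interpolated into SQL text, so these lines
# rely on the username check above.)
#sudo -u postgres psql -c "DROP TABLESPACE user_$target_user"
#sudo -u postgres psql -c "DROP USER $target_user"
#sudo -H mysql -e "DROP USER $target_user@localhost"

# Remove privs before rm
fs sa "$HOMEPATH" -clear system:anyuser none
fs sa "$MAILPATH" -clear system:anyuser none
#XXX see what to do with db volume

fs rm "$MAILPATH"
fs rm "$HOMEPATH"
#fs rm $LOGSPATH
#fs rm $DBPATH
fs rm "/afs/.hcoop.net/old/user/${PATHBITS}"
fs rm "/afs/.hcoop.net/old/mail/${PATHBITS}"

# Don't delete volumes, rename them.
#vos remove deleuze.hcoop.net /vicepa user.$target_user
#vos remove deleuze.hcoop.net /vicepa mail.$target_user
#vos remove deleuze.hcoop.net /vicepa db.$target_user
#vos remove deleuze.hcoop.net /vicepa logs.$target_user
vos rename "user.${target_user}" "user.${target_user}.d"
vos rename "mail.${target_user}" "mail.${target_user}.d"
#XXX vos rename db.$target_user db.$target_user.d

#vos release common.databases
#vos release common.logs

# The principal name becomes part of the kadmin query string; the username
# check above is what keeps extra query text out of it.
sudo kadmin.local -q "delprinc -force ${target_user}@HCOOP.NET"
sudo kadmin.local -q "delprinc -force ${target_user}/mailfilter@HCOOP.NET"
sudo kadmin.local -q "delprinc -force ${target_user}/cgi@HCOOP.NET"
sudo kadmin.local -q "delprinc -force ${target_user}/daemon@HCOOP.NET"

pts delete "$target_user"
pts delete "${target_user}.mailfilter"
pts delete "${target_user}.cgi"
pts delete "${target_user}.daemon"

#fs rm /afs/hcoop.net/old/user/$PATHBITS
#fs rm /afs/hcoop.net/old/mail/$PATHBITS
#fs rm /afs/hcoop.net/old/logs/$PATHBITS

vos syncserv gibran
vos syncvldb gibran
fs checkvolumes

# Remove user from all of our mailing lists
printf '%s\n' "${target_user}@hcoop.net" | ssh -K minsky sudo -u list \
  /var/lib/mailman/bin/remove_members --fromall -f -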